IS-871 OS & File System Forensics
|
Campus
|
MCS
|
Programs
|
PG
|
Session
|
Fall Semester 2016
|
Course Title
|
OS & File System Forensics
|
Course Code
|
IS-871
|
Credit Hours
|
3+0
|
Pre-Requisites
|
Basic knowledge of Operating Systems
|
Course Objectives
|
This course focuses on advanced analysis of the FAT, NTFS, EXT, and HFS file systems. It uses advanced forensic tools and hands-on exercises to help students understand how data is stored at the file system level. The emphasis will be on understanding how malicious software can hide in the depths of the operating system and how an analyst can discover and retrieve these artifacts.
|
Detail Content
|
- Introduction: Physical and logical disk structures, general file system identification, volume analysis, Clusters, File System Metadata, Live, Deleted, Unallocated data and File Slack
- Fundamentals of host forensics for Microsoft Windows: Includes kernel architecture, device driver architecture, registry, auditing, and security architecture
- FAT Concepts and Analysis: FAT File System handling, Data Recovery from the FAT File System, Forensics and reconstruction of file and directory structures on the FAT file system
- NTFS Concepts and Analysis: NTFS File System, NTFS Data Structures, Data Recovery from the NTFS File System, Forensics and reconstruction of file and directory structures on the NTFS file system
- HFS+ Concepts and Analysis: HFS+ File System, HFS+ Data Structures, Data Recovery from the HFS+ File System, Forensics and the HFS+ File System
- Fundamentals of host forensics for Unix derivatives: Using the Linux operating system as an exemplar, including kernel and device driver architecture, security and audit mechanisms
|
Text/Ref Books
|
- File System Forensic Analysis by Brian Carrier; ISBN 0-321-26817-2 published by Addison-Wesley
- D. P. Bovet, M. Cesati: Understanding the Linux Kernel, 3rd ed. O’Reilly
- M. Russinovich, D. A. Solomon, A. Ionescu: Windows Internals, 5th ed. Microsoft Press, 2008
|
Time Schedule
|
Fall Semester 2015
|
Faculty/Resource Person
|
Lt Col Baber Aslam, PhD
University of Central Florida, Orlando, USA
Discipline: Computer Science
Specialization: Information Security
|